One of my servers is hosted inside a private network, and the only way for me to reach it over SSH is through another server that does allow connections from the Internet.
What I've been told to do (and what I've done for the last one and a half years) is to first connect to the jump box that allows SSH connections from the Internet, then SSH from there to the server I actually want to reach. It does work and works very well, and it never gives me any trouble, BUT this method is time-consuming: you type ssh username@hostname twice and enter the password twice (or once, or not at all, if SSH key authentication is in place).
There has to be another way to do it. A simple, geeky way.
Here it comes. Let's say you have three servers:
- Server A: your laptop
- Server B: a remote jump box
- Server C: a remote server which can only be SSHed from server B
You are using an SSH key to connect to C.
SSH key for server C is located on server B
You can place the following configuration in /home/<your_user>/.ssh/config:
# You can put a wildcard here, like *.example.com
Host <hostname_for_server_C>
    User <username_for_ssh_to_server_C>
    # This means the key is located on server B
    ForwardAgent no
    ProxyCommand ssh <username_for_ssh_to_server_B>@<hostname_for_server_B> nc %h %p 2> /dev/null
    IdentityFile <ssh_key_file_located_on_server_B>
Please note the file permission for /home/<your_user>/.ssh/config; set it with chmod 600 /home/<your_user>/.ssh/config
SSH key for server C is located on server A
If your SSH key for server C is located on server A, then you can still use the config above with one minor setting change: change ForwardAgent from no to yes in /home/<your_user>/.ssh/config
Now you can SSH to C using the command ssh <hostname_for_server_C>.
This command may request a password for logging into server B. If you have an SSH key for server B, add the following to /home/<your_user>/.ssh/config:
# You can put a wildcard here, like *.example.com
Host <hostname_for_server_B>
    IdentityFile <ssh_key_file>
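
The check below is an added example (not from the original post) that audits a config like the ones above: it confirms the file mode is 600 and lists Host blocks that turn on ForwardAgent for a wildcard pattern, since those forward your agent to every matching server. The sample hosts, user names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an ssh client config for the settings discussed above.

# Write a constructed sample config (hypothetical hosts) to the path in $1.
write_sample_config() {
    cat > "$1" <<'EOF'
Host *.example.com
    User deploy
    ForwardAgent yes
    ProxyCommand ssh jump@bastion.example.com nc %h %p 2> /dev/null

Host bastion.example.com
    ForwardAgent no
    IdentityFile ~/.ssh/id_bastion

Host db1.example.com
    ForwardAgent yes
EOF
}

# Succeed only if the file mode is exactly 600, the permission the page sets.
config_mode_ok() {
    [ -n "$(find "$1" -prune -perm 600 2>/dev/null)" ]
}

# Print the Host patterns of every block that enables ForwardAgent while
# matching on a wildcard (* or ?), i.e. forwards the agent to many hosts.
wildcard_agent_forwarding() {
    awk '
        BEGIN { patterns = "*"; wild = 1 }   # options before the first Host apply to all hosts
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)        # accepts "Key value" or "Key=value"
            key = tolower(f[1])
        }
        key == "host" {
            patterns = line
            sub(/^[^ \t=]+[ \t=]+/, "", patterns)
            wild = (patterns ~ /[*?]/)
            next
        }
        key == "match" { patterns = ""; wild = 0; next }   # Match blocks are not analysed
        key == "forwardagent" && tolower(f[2]) == "yes" && wild { print patterns }
    ' "$1"
}

# Usage: config_mode_ok ~/.ssh/config || echo "fix mode"; wildcard_agent_forwarding ~/.ssh/config
```

To see which options ssh resolves for one host without connecting, run ssh -G <hostname_for_server_C>.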